India’s National Security Council Secretariat (NSCS) is considering bringing in a separate law— one of the deliverables of proposed National Cyber Security Strategy, dealing with Cyber Security issues in the country. The strategy will compliment various provisions for cyber security in the Information Technology (IT) Act, and financial regulations mandated by the Reserve Bank of India (RBI). The strategy will comprehensively address the emerging cyber security issues.
Considering the pattern on recent cyber-attacks worldwide, the strategy will also be focussing on the Critical National Infrastructure (CNI)— evaluating the domestic and international needs to strengthen the infrastructure. The policy based on three broad pillars— i) National Security, ii) Enabling Businesses, and iii) Individual Security, will also be addressing the issues and India’s stand on Artificial Intelligence (AI), data sharing and localisation.[1]
According to the PwC’s 2022 Digital Trust Insight Survey, around 80 per cent of Indian firms are likely to increase their Cyber Security budget in the year 2022. Considering that the landscape of cyber-threats is continuously evolving, organisations are investing extensively in cyber security more than ever to manage their risks.
Out of 3,602 business, technology, and security executives worldwide, the report included responses from executives of 109 businesses based in India. Against 26 per cent organisations globally, 41 per cent of Indian firms predict double-digit growth in their cyber budget in 2022. However, only 25 per cent of Indian respondents have realised the importance of cyber investments.[2]
Addressing the India Internet Governance Forum (IIGF), jointly organised by the Ministry of Electronics and Information Technology (MeitY) and National Internet Exchange of India (NIXI), on 27 November 2021, the Minister of State for Electronics, and Information Technology (E&IT)—Rajeev Chandrashekhar emphasised on the collaboration among democratic nations and societies on creation of safe, trustworthy, and accountable Internet which has no boundaries.
“Prime Minister Narendra Modi had launched the ‘Digital India’ mission with three primary objectives— i) to transform lives of Indians, ii) expansion of economic opportunities with digital entrepreneurship, and iii) enhance strategic capabilities in certain technologies, including the Internet,” said Rajeev Chandrashekar, MoS (E&IT).[3]
During the first (virtual) meeting of the India-United Kingdom (UK) Joint Working Group (JWG) on Cyber Deterrence, held on 25 November 2021, both sides discussed several essential aspects related to cyber deterrence and ways to further deepen the existing bilateral cyber cooperation under the India-UK Framework for the Cyber Relationship. The Indian delegation was led by Atul Malhari Gotsurve— Joint Secretary (Cyber Diplomacy), Ministry of External Affairs (MEA), India, and the UK delegation was led by Will Middleton—Cyber Director, Foreign Commonwealth Development Office (FCDO), UK. The discussion was attended by senior cyber officials from respective Ministries and Departments from both the countries.
The India-UK Framework for the Cyber Relationship was inked on 17 April 2018 in New Delhi, India. Under the framework, India and the UK agreed to work closely and hold regular consultations on addressing the challenges to cyber-deterrence and for building effective cyber-deterrence strategies.[4]
On 28 October 2021, the United States’ Department of Commerce’s Bureau of Industry and Security (BIS) added four entities that have been likely to be acting contrary to the US foreign policy and national security, to the Entity List. The Final Rule Doc 2021-23980 amended the Export Administration Regulations (EARs), which means that export to these four entities from the US counterparts are restricted.
The Final Rule added following four entities to the Entity List and includes, where appropriate, aliases:
According to the document released by the US Department of Commerce, these entities traffic in cyber exploits used to gain access to Information Systems, threatening the privacy and security of individuals and organisations worldwide. [5]
On 06 November 2021, a senior defence expert at Taiwan’s Institute for National Defence and Security Research (INDSR)— Su Tzu-yun warned that an Electronic Warfare (EW) was the main threat from China when Chinese aircrafts were intruding into Taiwan’s Air Defence Identification Zone (ADIZ) with intentions to control electronic messaging in the war theatre. Between January to September 2021, 99 out of the 544 Chinese aircrafts, including J-16 fighter and versions of the Y-8, and Y-9, that intruded the Taiwan’s ADIZ, were equipped with EW capabilities.
“China’s strategy was to disrupt Taiwan’s Air Defence System (ADS), gain control over the air, provide erroneous radar information, and launch attacks from the air catching the opposition (Taiwan) completely unaware,” added Tzu-yun. [6]
On 03 November 2021, the United States’ (US) Cybersecurity and Infrastructure Security Agency (CISA) issued an operational directive to federal agencies to fix more than 300 security vulnerabilities which are identified as carrying “significant risk” to their networks. The CISA gave six months to fix these security vulnerabilities, some of which date back to 2014 and 2015, and pose a “frequent attack vector” for cyber-criminals targeting the US federal agencies.
Mostly, the directive applies to the civilian federal agencies, but also applied to the networks run by the military and under the US Defense Department or the Intelligence Community (IC).[7]
On 27 November 2021, Google’s cyber security action team issued a statement saying that the Cloud services are under cyber threat as the hackers have been using compromised accounts to practice the crypto-mining. The Cloud services offered a platform to store users’ data and files off-site. In the procedure of crypto-mining (collecting the crypto-currency as a reward for finishing a task), the cyber-criminals validate the data blocks and add the transaction records to the public records known as Blockchain.
On 24 November 2021, Google submitted a report claiming that over 80 per cent of recent hacking incidents of Google’s Cloud services, were used to practice crypto-mining. The process involved acquiring crypto-currencies by solving cryptographic puzzles with the assistance from high-powered computers[8]
China’s Ministry of Industry and Information Technology (MIIT)’s Cyberspace Administration and Police had summoned the Cloud Services divisions of Alibaba and Baidu regarding the better preventive measures to be implemented for telecom network fraud. The Cloud platforms of both tech-giants [Alibaba and Baidu] were found to have allowed access to fraudulent websites.
The summoned were issued amid China’s vision to build its own State-backed Cloud system and regulatory crackdown whose targets included the technology sector. [9]
[1] Bhardwaj, Deeksha. “Centre planning separate cybersecurity policy”, Hindustan Times, 27 October 2021, Available from:https://www.hindustantimes.com/india-news/centre-looks-at-making-cybersecurity-an-independent-law-may-include-focus-on-emerging-tech-101635274397673.html. Accessed on 28 October 2021.
[2] PTI. “Most Indian firms to increase cybersecurity budget in 2022: PwC survey”, Economic Times-Telecom, 31 October 2021, Available from: https://telecom.economictimes.indiatimes.com/news/most-indian-firms-to-increase-cybersecurity-budget-in-2022-pwc-survey/87426869. Accessed on 02 November 2021.
[3] PTI. “Democratic countries need to think about creating safe, accountable Internet: MoS IT”, ET Telecom. 28 November 2021. Available from: https://telecom.economictimes.indiatimes.com/news/democratic-countries-need-to-think-about-creating-safe-accountable-internet-mos-it/87958533. Accessed on 29 November 2021.
[4] India. Ministry of External Affairs. 2021. First Meeting of the India-UK Joint Working Group on Cyber Deterrence, 25 November 2021, Available from: http://mea.gov.in/press-releases.htm?dtl/34534/First_Meeting_of_the_IndiaUK_Joint_Working_Group_on_Cyber_Deterrence . Accessed on 27 November 2021.
[5] United States. Department of Commerce-Bureau of Industry and Security, 2021. Addition of Certain Entities to the Entity List.Available from: https://www.bis.doc.gov/index.php/documents/regulations-docs/federal-register-notices/federal-register-2021/2868-86-fr-60759/file. Accessed on 31 October 2021.
[6] Strong, Matthew. “Taiwan defense expert warns against threat from Chinese electronic warfare”, Taiwan News, 06 November 2021, Available from: https://www.taiwannews.com.tw/en/news/4337123. Accessed on 08 November 2021.
[7] Whittaker, Zack. “US federal agencies told to patch hundreds of security bugs”, Tech Crunch, 03 November 2021, Available from: https://techcrunch.com/2021/11/03/cisa-directive-hundreds-security-patches/ . Accessed on 06 November 2021.
[8] ET Online. “Hackers are using Cloud accounts for crypto mining, Google issues warning”, ET Telecom, 27 November 2021, Available from: https://telecom.economictimes.indiatimes.com/news/hackers-are-using-cloud-accounts-for-crypto-mining-google-issues-warning/87951877. Accessed on 28 November 2021.
[9] Reuters. “China tells Alibaba, Baidu cloud units to better prevent telecoms fraud”, ET-Telecom, 24 November 2021, Available from: https://telecom.economictimes.indiatimes.com/news/china-tells-alibaba-baidu-cloud-units-to-better-prevent-telecoms-fraud/87879469 . Accessed on 26 November 2021.